The nhrp authentication command configures an authentication character string for NHRP negotiation.
The undo nhrp authentication command deletes an authentication character string for NHRP negotiation.
By default, no authentication character string is configured for NHRP negotiation.
Parameter | Description | Value |
---|---|---|
hash | Specifies the hash algorithm. | - |
sha2-256 | Specifies SHA2-256 as the NHRP authentication algorithm. | - |
sha2-384 | Specifies SHA2-384 as the NHRP authentication algorithm. | - |
sha2-512 | Specifies SHA2-512 as the NHRP authentication algorithm. | - |
cipher authenString | Specifies the NHRP authentication string. | The value is a string of 1 to 8 case-sensitive characters if the password is not encrypted, or a string of 48 characters if the password is encrypted. Special characters are supported, but the string cannot contain question marks (?) or spaces. To improve security, it is recommended that the authentication string contain at least two of the following character types: lowercase letters, uppercase letters, digits, and special characters. In addition, the authentication string must contain at least six characters. |
Usage Scenario
This command configures the NHRP authentication string on a spoke and the hub. With the string configured, the hub can reject illegal registrations from spokes.
Configuration Impact
After this command is executed on a spoke and the hub, the spoke sends an NHRP Registration Request packet to the hub, and the hub decides whether to process this packet based on the NHRP authentication string in the packet. If this NHRP authentication string is different from that configured on the hub, the hub does not process this packet. If the two NHRP authentication strings are the same, the hub processes this packet.
Precautions
If the NHRP authentication string is configured on a spoke but not on the hub, the hub does not authenticate the authentication string of the spoke. Instead, the spoke performs the authentication but the authentication fails.
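
The following is an added example, not code from the vendor or from the original page: a pre-deployment check that lints candidate authentication strings against the value rules in the parameter table and predicts the registration outcome described under Configuration Impact and Precautions. The function names and the sample inventory are hypothetical, and the comparison assumes you are checking the intended unencrypted strings rather than the 48-character encrypted form.

```python
import string

FORBIDDEN = set("? ")  # per the page: no question marks or spaces
CHAR_TYPES = (string.ascii_lowercase, string.ascii_uppercase,
              string.digits, string.punctuation)

def lint_auth_string(value):
    """Return findings for a candidate authentication string ([] = clean)."""
    if len(value) == 48:
        return []  # encrypted form per the page; its content cannot be assessed
    findings = []
    if not 1 <= len(value) <= 8:
        findings.append("length: unencrypted string must be 1 to 8 characters")
    if FORBIDDEN & set(value):
        findings.append("charset: question marks and spaces are not allowed")
    if len(value) < 6:
        findings.append("strength: fewer than six characters")
    if sum(any(c in t for c in value) for t in CHAR_TYPES) < 2:
        findings.append("strength: fewer than two character types")
    return findings

def predict_registration(hub, spoke):
    """Predict how the hub treats a spoke's Registration Request.

    Arguments are the intended unencrypted strings; None = not configured.
    """
    if spoke is not None and hub is None:
        return "fails: hub does not authenticate, spoke-side authentication fails"
    if hub is None or spoke is None:
        return "not covered by the page"
    # Strings are case-sensitive, so an exact comparison is required.
    return "processed" if hub == spoke else "not processed: strings differ"

def audit(hub, spokes):
    """Map each spoke name to (lint findings, predicted outcome)."""
    return {name: (lint_auth_string(s) if s is not None else [],
                   predict_registration(hub, s))
            for name, s in spokes.items()}

if __name__ == "__main__":
    # Constructed inventory: names and strings are sample values.
    spokes = {"spoke-a": "Nh7p!x2", "spoke-b": "nh7p!x2", "spoke-c": "abc"}
    for name, (findings, outcome) in audit("Nh7p!x2", spokes).items():
        print(name, outcome, findings or "ok")
```

Cases the page does not describe, such as a hub with a string and a spoke without one, are reported as not covered rather than guessed.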